NETGEAR FVS318N VPN Certificates Screen

Manage Users, Authentication, and VPN Certificates

314

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

certificate repository. However, if the defined purpose is for IPSec VPN only, the certificate is

uploaded only to the IPSec VPN certificate repository.

The wireless VPN firewall uses digital certificates to authenticate connecting VPN gateways

or clients, and to be authenticated by remote entities. A digital certificate that authenticates a

server, for example, is a file that contains the following elements:

•A public encryption key to be used by clients for encrypting messages to the server.

•Information identifying the operator of the server.

•A digital signature confirming the identity of the operator of the server. Ideally, the

signature is from a trusted third party whose identity can be verified.

You can obtain a digital certificate from a well-known commercial certification authority (CA)

such as Verisign or Thawte, or you can generate and sign your own digital certificate.

Because a commercial CA takes steps to verify the identity of an applicant, a digital certificate

from a commercial CA provides a strong assurance of the server’s identity. A self-signed

digital certificate triggers a warning from most browsers because it provides no protection

against identity theft of the server.

The wireless VPN firewall contains a self-signed digital certificate from NETGEAR. This

certificate can be downloaded from the wireless VPN firewall login screen for browser import.

However, NETGEAR recommends that you replace this digital certificate with a digital

certificate from a well-known commercial CA prior to deploying the wireless VPN firewall in

your network.

VPN Certificates Screen

To display the Certificates screen, select VPN > Certificates. Because of the large size of

this screen, and because of the way the information is presented, the Certificates screen is

divided and presented in this manual in three figures (Figure 191 on page 315, Figure 193 on

page 317, and Figure 195 on page 321).

The Certificates screen lets you view the currently loaded digital certificates, upload a new

digital certificate, and generate a certificate signing request (CSR). The wireless VPN firewall

typically holds two types of digital certificates:

•CA certificates. Each CA issues its own digital certificate to validate communication with

the CA and to verify the validity of digital certificates that are signed by the CA.

•Self-signed certificates. The digital certificates that are issued to you by a CA to identify

your device.

The Certificates screen contains four tables that are explained in detail in the following

sections:

•Trusted Certificates (CA Certificate) table. Contains the trusted digital certificates that

were issued by CAs and that you uploaded (see Manage VPN CA Certificates on this

page).

•Active Self Certificates table. Contains the self-signed certificates that were issued by

CAs and that you uploaded (see Manage VPN Self-Signed Certificates on page 316).